#!/bin/bash
# Check /etc/inittab for "ssh:23:respawn:..." which means sshd should be started
# (that entry is written by rescue/default/500_ssh.sh if sshd should be started):
if grep -q '^ssh:' /etc/inittab ; then
    if ! test -s /etc/ssh/ssh_host_rsa_key ; then
        # Generate at least an rsa SSH host key if there is none to be fail-safe against
        # running sshd possibly without any SSH host key which is not accessible from remote
        # (on the remote host one would get "Connection to recovery.system.IP.address closed.")
        # cf. build/default/500_ssh_setup.sh
        # Run ssh-keygen silently with '-q' to avoid messages about key generation
        # that swamp the recovery system login screen so that there is be no longer a login prompt visible
        # cf. https://github.com/rear/rear/issues/1512#issuecomment-348196998
        ssh-keygen -q -t rsa -N '' -f /etc/ssh/ssh_host_rsa_key
        echo -e "\nSSH fingerprint: $( ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub )\n" >> /etc/issue
    fi
    if ! test -s /etc/ssh/ssh_host_ed25519_key ; then
        # Generate the ed25519 SSH host key required on EL9
        ssh-keygen -q -t ed25519 -N '' -f /etc/ssh/ssh_host_ed25519_key
        echo -e "\nSSH fingerprint: $( ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub )\n" >> /etc/issue
    fi
    mkdir -p /usr/share/empty.sshd   # required on EL9
    mkdir -p /run/sshd
    # Avoid "Could not load host key: /etc/ssh/ssh_host_..._key" messages
    # that look confusing on the recovery system login screen
    # cf. https://github.com/rear/rear/issues/1512#issuecomment-348196998
    # and without '-D' one gets at least on SLES11 with SysVinit
    #   INIT: Id "ssh" respawning too fast: disabled for 5 minutes
    # cf. https://github.com/rear/rear/issues/1512#issuecomment-348201905
    exec /bin/sshd -D 2>/dev/null
fi

